Computation Tree Logic with Deadlock Detection
📝 Abstract
We study the equivalence relation on states of labelled transition systems of satisfying the same formulas in Computation Tree Logic without the next state modality (CTL-X). This relation is obtained by De Nicola & Vaandrager by translating labelled transition systems to Kripke structures, while lifting the totality restriction on the latter. They characterised it as divergence sensitive branching bisimulation equivalence. We find that this equivalence fails to be a congruence for interleaving parallel composition. The reason is that the proposed application of CTL-X to non-total Kripke structures lacks the expressiveness to cope with deadlock properties that are important in the context of parallel composition. We propose an extension of CTL-X, or an alternative treatment of non-totality, that fills this hiatus. The equivalence induced by our extension is characterised as branching bisimulation equivalence with explicit divergence, which is, moreover, shown to be the coarsest congruence contained in divergence sensitive branching bisimulation equivalence.
📄 Content
Logical Methods in Computer Science, Vol. 5 (4:5) 2009, pp. 1–24, www.lmcs-online.org
Submitted Oct. 6, 2008. Published Dec. 22, 2009.

COMPUTATION TREE LOGIC WITH DEADLOCK DETECTION

ROB VAN GLABBEEK (a), BAS LUTTIK (b), AND NIKOLA TRČKA (c)

(a) National ICT Australia, and School of Comp. Sc. and Engineering, University of New South Wales, Sydney, Australia
e-mail address: rvg@cs.stanford.edu
(b, c) Dept. of Math. & Comp. Sc., Technische Universiteit Eindhoven, The Netherlands
e-mail address: {s.p.luttik,n.trcka}@tue.nl

Abstract. We study the equivalence relation on states of labelled transition systems of satisfying the same formulas in Computation Tree Logic without the next state modality (CTL−X). This relation is obtained by De Nicola & Vaandrager by translating labelled transition systems to Kripke structures, while lifting the totality restriction on the latter. They characterised it as divergence sensitive branching bisimulation equivalence. We find that this equivalence fails to be a congruence for interleaving parallel composition. The reason is that the proposed application of CTL−X to non-total Kripke structures lacks the expressiveness to cope with deadlock properties that are important in the context of parallel composition. We propose an extension of CTL−X, or an alternative treatment of non-totality, that fills this hiatus. The equivalence induced by our extension is characterised as branching bisimulation equivalence with explicit divergence, which is, moreover, shown to be the coarsest congruence contained in divergence sensitive branching bisimulation equivalence.
Introduction

CTL∗ [7] is a powerful state-based temporal logic combining linear time and branching time modalities; it generalises the branching time temporal logic CTL [6]. CTL∗ is interpreted in terms of Kripke structures, directed graphs together with a labelling function assigning to every node of the graph a set of atomic propositions. As the next state modality X is incompatible with abstraction of the notion of state, it is often excluded in high-level specifications. By CTL∗−X we denote CTL∗ without this modality. To characterise the equivalence induced on states of Kripke structures by validity of CTL∗−X formulas, Browne, Clarke & Grumberg [3] defined the notion of stuttering equivalence. They proved that two states in a finite Kripke structure are stuttering equivalent if and only if they satisfy the same CTL∗−X formulas, and moreover, they established that this is already the case if and only if the two states satisfy the same CTL−X formulas.

1998 ACM Subject Classification: F.4.1, D.2.4.
Key words and phrases: temporal logic, deadlock, parallel composition, stuttering equivalence, branching bisimulation equivalence, explicit divergence.
DOI:10.2168/LMCS-5 (4:5) 2009. © R. van Glabbeek, B. Luttik, and N. Trčka. Creative Commons.

There is an intuitive correspondence between the notions of stuttering equivalence on Kripke structures and branching bisimulation equivalence [10] on labelled transition systems (LTSs), directed graphs of which the edges are labelled with actions. De Nicola & Vaandrager [5] have provided a framework for constructing natural translations between LTSs and Kripke structures in which this correspondence can be formalised.
Stuttering equivalence corresponds in their framework to a divergence sensitive variant of branching bisimulation equivalence, and conversely, branching bisimulation equivalence corresponds to a divergence blind variant of stuttering equivalence. The latter characterises the equivalence induced on states of Kripke structures by a divergence blind variant of validity of CTL∗−X formulas.

In [6, 7, 3] and other work on CTL∗, Kripke structures are required to be total, meaning that every state has an outgoing transition. These correspond with LTSs that are deadlock-free. In the world of LTSs requiring deadlock-freeness is considered a serious limitation, as deadlock is introduced by useful process algebraic operators like the restriction of CCS and the synchronous parallel composition of CSP. Conceptually, a deadlock may arise as the result of an unsuccessful synchronisation attempt between parallel components, and often one wants to verify that the result of a parallel composition is deadlock-free. This is, of course, only possible when working in a model of concurrency where deadlocks can be expressed.

Through the translations of [5] it is possible to define the validity of CTL∗−X formulas on states of LTSs. To apply CTL∗−X formulas to LTSs that may contain deadlocks, De Nicola & Vaandrager [5] consider Kripke structures with deadlocks as well, and hence lift the requirement of totality. They do so by using maximal paths instead of infinite paths in the definition of validity of CTL∗−X formulas. Without further changes, this amounts to the addition of a self-loop to every deadlock state. As a consequence
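
The self-loop completion of deadlock states can be made concrete with a small added example (not code from the paper). It uses plain strong bisimulation as a simpler stand-in for stuttering equivalence, on a constructed Kripke structure, to show that after completion a deadlock state and a diverging state with the same labelling fall into one equivalence class. The state names s, t, d, l and all function names are assumptions made for illustration.

```python
# Kripke structure: state -> (set of successors, frozenset of atomic propositions).
# Constructed sample: 'd' is a deadlock state, 'l' diverges on a self-loop,
# and both carry the same label {q}.
KRIPKE = {
    "s": ({"d"}, frozenset({"p"})),
    "t": ({"l"}, frozenset({"p"})),
    "d": (set(), frozenset({"q"})),
    "l": ({"l"}, frozenset({"q"})),
}


def deadlocks(ks):
    """States without an outgoing transition, i.e. where totality fails."""
    return {s for s, (succ, _) in ks.items() if not succ}


def totalise(ks):
    """Add a self-loop to every deadlock state and leave other states unchanged."""
    return {s: (set(succ) or {s}, lab) for s, (succ, lab) in ks.items()}


def bisim_classes(ks):
    """Coarsest strong-bisimulation partition, computed by naive refinement.

    Strong bisimulation is a stand-in here: strongly bisimilar states of a
    Kripke structure satisfy the same temporal formulas, with or without X.
    """
    block = {s: lab for s, (_, lab) in ks.items()}  # start: split by labelling
    while True:
        # Signature = own block plus the set of blocks reachable in one step.
        sig = {s: (block[s], frozenset(block[t] for t in ks[s][0])) for s in ks}
        ids = {v: i for i, v in enumerate(set(sig.values()))}
        new = {s: ids[sig[s]] for s in ks}
        if len(set(new.values())) == len(set(block.values())):
            break  # no block was split, so the partition is stable
        block = new
    groups = {}
    for s, b in new.items():
        groups.setdefault(b, set()).add(s)
    return {frozenset(g) for g in groups.values()}


if __name__ == "__main__":
    print("deadlock states:", deadlocks(KRIPKE))
    print("classes before completion:", bisim_classes(KRIPKE))
    print("classes after completion: ", bisim_classes(totalise(KRIPKE)))
```

Before completion all four states are distinguished; after completion d and l coincide, and so do their predecessors s and t, so the information that s can reach a deadlock is no longer observable.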